The Importance of Threat Hunting Automation for XDR [Hunters]

Download The Importance of Threat Hunting Automation for XDR by completing the form on the right.

Extended Detection & Response (XDR) is a promising, emerging solution category that the industry is turning toward in order to improve threat detection and response by crossing all attack surfaces and reducing alert noise.

While the pace and breadth of threats outstrip human-based detection and single-point solutions, it also overwhelms SOC teams triage with a deluge of alerts and false-positives. Organizations worldwide are beginning to add XDR correlations to their existing security stack, both for detection efficacy and overall SOC operational efficiency.

However, correlation is only one piece of the puzzle. Threat hunting has long been an effective framework for cohesive threat analysis and data connection across sparse, siloed areas of the enterprise. Unfortunately, due to the scarcity in domain expertise, it has also been extremely difficult to scale. Automating proactive threat hunting processes for XDR can transform this equation.

In 2020, Cybersecurity Insiders conducted in-depth research on threat hunting in SOC detection and response to gain deeper insights into the maturity and evolution of the XDR security practice. The research confirms that threat hunting automation can transform extended detection and response.

Organizations realize that threat hunting is viable to improve defenses against current and future attacks, and moreover, that automating them can play a critical role in XDR solutions. Security leaders can provide their security analysts with powerful technologies to enable earlier detection at scale, reduce dwell time, and improve breach detection.

Key findings include:

  • 82% of respondents agree that attackers typically dwell in a network between 1-15 days, on average, before they’re discovered by the SOC. Only 13% report they can detect attacks within the same day, and almost half of organizations (47%) within 5 days.
  • Respondents think 38% of advanced, emerging threats are missed by traditional security tools.
  • Organizations confirm that it takes 4x more time to detect threats without a threat hunting solution, and more than twice the time to investigate threats without a threat hunting solution.
  • The most important capability that cybersecurity professionals consider critical to the effectiveness of their threat hunting solutions is automatic detection (69%), followed by threat intelligence (62%), and integration and normalization of multiple data sources (48%).
  • The top benefits organizations derive from threat hunting automation include improved detection of advanced threats (63%), followed by reduced investigation time (55%), and saving time manually correlating events (47%).

We would like to thank Hunters for supporting this important research. We hope you find this report informative and helpful as you continue your efforts in protecting sensitive data, systems and workloads.


More Popular Resources